Comments on: How Wordpress Blogs Are Hacked

By: Barry Welford

Barry Welford — Thu, 10 Jul 2008 13:01:26 +0000

I would still strongly recommend using WordPress rather than Blogger. What you gain with functionality and SEO far outweighs the small amount of effort required to maintain a high security level.

By: Web Hosting Hints

Web Hosting Hints — Thu, 10 Jul 2008 06:23:05 +0000

Wow, what a revelation. I was still using blogger for my blogs. I was searching for info. on wordpress. I want to get into it. After reading this, I’m a little bit more cautious.

By: r3ck0rd

r3ck0rd — Mon, 07 Jul 2008 15:42:42 +0000

I don’t know if “spamming” considered as hacking.
I would recommend Yawasp against spamming by the way. (Admin note: Yawasp is in German.)

By: Barry Welford

Barry Welford — Sat, 05 Jul 2008 16:53:18 +0000

There is always the possibility that a plugin has not been made as securely as it should. It’s important to stay aware of developer comments about plugins and watch out for security loopholes. Normally the most popular ones should not give problems.

By: Web Design Philippines

Web Design Philippines — Sat, 05 Jul 2008 10:13:37 +0000

They said, some plugins that you install in wordpress can hack you? Is that true?

By: HostGator Blog | Gator Crossing » Blog Archive » Easy Ways to Prevent Your Site from Being Hacked on Shared Hosting

Fri, 27 Jun 2008 21:55:44 +0000

[...] Here’s a couple of useful starting points and interesting articles to checkout. … How Wordpress Blogs are Hacked [...]

By: Joshton

Joshton — Sun, 01 Jun 2008 18:44:45 +0000

I think the best way for hackers to hack wordpress is through some sort of injection through the browser URL bar. Before the recent upgrades, XSS (cross ssite scripting) were the most common, especially through the editor.

By: XStrafer's WebPlace

XStrafer's WebPlace — Thu, 08 May 2008 21:32:46 +0000

great ideas! thanks a lot for a good article

By: Barry Welford

Barry Welford — Wed, 26 Mar 2008 12:28:51 +0000

Thank you, Lynne. I think they are just the essential ‘house maintenance’ that we must all get involved with for peace of mind.

By: Lynne Foster

Lynne Foster — Wed, 26 Mar 2008 12:20:53 +0000

Some excellent tips there - thanks!

By: Webrocker » Wordpress Hackereien

Webrocker » Wordpress Hackereien — Fri, 21 Mar 2008 09:47:23 +0000

[...] interessant sind dabei wohl alle Dateien, die in das Blog “schreiben” dürfen. Auf cre8asite.net gibt es Details dazu, und wenn man sich diesen Link und die weiterführenden anschaut, wird es [...]

By: Barry Welford

Barry Welford — Thu, 21 Feb 2008 20:30:47 +0000

I guess an alternative way, Diane, is to allow access only to IPs that you control. I’m not sure whether that blocks people registering.

By: DianeV

DianeV — Thu, 21 Feb 2008 20:09:49 +0000

I agree, Barry.

I looked through some of the examples at the links you provided. I think one thing that can be helpful is that, if you don’t need for people to register, to simple put a password on the wp-admin folder. At least, that’s one thing out of the way.

By: Barry Welford

Barry Welford — Thu, 21 Feb 2008 14:14:25 +0000

Thanks, Diane. Your two points re database back-up and finding the hole are very sound advice. The latter is sometimes not easy unfortunately.

By: Diane Vigil

Diane Vigil — Thu, 21 Feb 2008 11:12:35 +0000

Excellent post, Barry.

Your caution about having backups is important; without backups, you’re open to all kinds of things happening, including simple error. That would include backing up your database on an ongoing basis, as some hacks may insert stuff in the database.

I also think that, if your WordPress blog gets hacked, it’s vital to look into *how* it got hacked so that you can plug the hole.

By: Barry Welford

Barry Welford — Wed, 20 Feb 2008 14:47:31 +0000

Thanks for stopping by, Wayne. I would suggest doing a backup just before the weekend: that’s a time of higher risk.

By: Wayne Liew

Wayne Liew — Wed, 20 Feb 2008 09:32:40 +0000

First of all, thanks for the link.

I guess one should always have their blogs backed up. At least even if a hacker is smart enough to break though every barrier that we have set up, we still have something to fall back onto.